Part three of this National Cybersecurity Awareness Month series will cover multi-factor authentication (MFA), how it protects your accounts and the advantages of authenticator apps.
Due to trends in cyberattacks and advancements in technology, using only passwords is no longer considered to be a secure way to protect user accounts and data. MFA is the addition of another layer of security on top of a password. This is achieved by creating one-time use codes with expiration times or a security challenge that requires the person signing in to interact with something physically near them. Examples of MFA methods include apps tied to hardware like a mobile phone, a physical authentication device or a text message to a specific phone number. By utilizing MFA you can not only keep your account secure but help prevent access to personal and campus data by unwanted parties.
Though any MFA is better than none, the methods available differ in terms of their strength of security. Authenticator apps such as Microsoft Authenticator or Google Authenticator provide the best protection, as they are directly tied to your physical phone, are much harder for malicious parties to bypass and require additional interaction beyond just entering a code. Using an authenticator app does not require cell coverage. Even with MFA, it is still important to be aware of what is happening with your accounts. Always look out for the following things when using MFA.
- Always verify where a MFA request is coming from. If the message is coming from somewhere you don’t recognize, do not allow the login to proceed.
- Be aware of where you are trying to log into your account. Fraudulent sites may request a MFA code from you in an attempt to break into your account.
- If you receive many MFA messages in a row, a message at a strange time of day or one randomly when you haven’t logged in anywhere for the account in question that you aren’t using, change your password immediately, as the account’s password may be compromised.
To learn more about how SUNY Oswego is using multi-factor authentication, please visit the MFA website. Please be aware that Microsoft is planning on sunsetting SMS text messaging as an option for MFA, so utilizing an authenticator app now can prevent you from having to change later. LakerApps (Gmail, Calendar, Drive) requires a separate multi-factor configuration which can also take advantage of the Microsoft authenticator app. To set up MFA with LakerApps, please follow Google’s instructions.
For more information on best authentication practices, please review section 1, “User Authentication” of the Web Security: User Authentication And Access Control LinkedIn Learning course.
-- Submitted by Campus Technology Services